1. Packages
  2. Oracle Cloud Infrastructure
  3. API Docs
  4. Kms
  5. GeneratedKey
Oracle Cloud Infrastructure v1.32.0 published on Thursday, Apr 18, 2024 by Pulumi

oci.Kms.GeneratedKey

Explore with Pulumi AI

oci logo
Oracle Cloud Infrastructure v1.32.0 published on Thursday, Apr 18, 2024 by Pulumi

    This resource provides the Generated Key resource in Oracle Cloud Infrastructure Kms service.

    Generates a key that you can use to encrypt or decrypt data.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as oci from "@pulumi/oci";
    
    const testGeneratedKey = new oci.kms.GeneratedKey("testGeneratedKey", {
        cryptoEndpoint: _var.generated_key_crypto_endpoint,
        includePlaintextKey: _var.generated_key_include_plaintext_key,
        keyId: oci_kms_key.test_key.id,
        keyShape: {
            algorithm: _var.generated_key_key_shape_algorithm,
            length: _var.generated_key_key_shape_length,
            curveId: oci_kms_curve.test_curve.id,
        },
        associatedData: _var.generated_key_associated_data,
        loggingContext: _var.generated_key_logging_context,
    });
    
    import pulumi
    import pulumi_oci as oci
    
    test_generated_key = oci.kms.GeneratedKey("testGeneratedKey",
        crypto_endpoint=var["generated_key_crypto_endpoint"],
        include_plaintext_key=var["generated_key_include_plaintext_key"],
        key_id=oci_kms_key["test_key"]["id"],
        key_shape=oci.kms.GeneratedKeyKeyShapeArgs(
            algorithm=var["generated_key_key_shape_algorithm"],
            length=var["generated_key_key_shape_length"],
            curve_id=oci_kms_curve["test_curve"]["id"],
        ),
        associated_data=var["generated_key_associated_data"],
        logging_context=var["generated_key_logging_context"])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-oci/sdk/go/oci/Kms"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := Kms.NewGeneratedKey(ctx, "testGeneratedKey", &Kms.GeneratedKeyArgs{
    			CryptoEndpoint:      pulumi.Any(_var.Generated_key_crypto_endpoint),
    			IncludePlaintextKey: pulumi.Any(_var.Generated_key_include_plaintext_key),
    			KeyId:               pulumi.Any(oci_kms_key.Test_key.Id),
    			KeyShape: &kms.GeneratedKeyKeyShapeArgs{
    				Algorithm: pulumi.Any(_var.Generated_key_key_shape_algorithm),
    				Length:    pulumi.Any(_var.Generated_key_key_shape_length),
    				CurveId:   pulumi.Any(oci_kms_curve.Test_curve.Id),
    			},
    			AssociatedData: pulumi.Any(_var.Generated_key_associated_data),
    			LoggingContext: pulumi.Any(_var.Generated_key_logging_context),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Oci = Pulumi.Oci;
    
    return await Deployment.RunAsync(() => 
    {
        var testGeneratedKey = new Oci.Kms.GeneratedKey("testGeneratedKey", new()
        {
            CryptoEndpoint = @var.Generated_key_crypto_endpoint,
            IncludePlaintextKey = @var.Generated_key_include_plaintext_key,
            KeyId = oci_kms_key.Test_key.Id,
            KeyShape = new Oci.Kms.Inputs.GeneratedKeyKeyShapeArgs
            {
                Algorithm = @var.Generated_key_key_shape_algorithm,
                Length = @var.Generated_key_key_shape_length,
                CurveId = oci_kms_curve.Test_curve.Id,
            },
            AssociatedData = @var.Generated_key_associated_data,
            LoggingContext = @var.Generated_key_logging_context,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.oci.Kms.GeneratedKey;
    import com.pulumi.oci.Kms.GeneratedKeyArgs;
    import com.pulumi.oci.Kms.inputs.GeneratedKeyKeyShapeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testGeneratedKey = new GeneratedKey("testGeneratedKey", GeneratedKeyArgs.builder()        
                .cryptoEndpoint(var_.generated_key_crypto_endpoint())
                .includePlaintextKey(var_.generated_key_include_plaintext_key())
                .keyId(oci_kms_key.test_key().id())
                .keyShape(GeneratedKeyKeyShapeArgs.builder()
                    .algorithm(var_.generated_key_key_shape_algorithm())
                    .length(var_.generated_key_key_shape_length())
                    .curveId(oci_kms_curve.test_curve().id())
                    .build())
                .associatedData(var_.generated_key_associated_data())
                .loggingContext(var_.generated_key_logging_context())
                .build());
    
        }
    }
    
    resources:
      testGeneratedKey:
        type: oci:Kms:GeneratedKey
        properties:
          #Required
          cryptoEndpoint: ${var.generated_key_crypto_endpoint}
          includePlaintextKey: ${var.generated_key_include_plaintext_key}
          keyId: ${oci_kms_key.test_key.id}
          keyShape:
            algorithm: ${var.generated_key_key_shape_algorithm}
            length: ${var.generated_key_key_shape_length}
            curveId: ${oci_kms_curve.test_curve.id}
          #Optional
          associatedData: ${var.generated_key_associated_data}
          loggingContext: ${var.generated_key_logging_context}
    

    Create GeneratedKey Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new GeneratedKey(name: string, args: GeneratedKeyArgs, opts?: CustomResourceOptions);
    @overload
    def GeneratedKey(resource_name: str,
                     args: GeneratedKeyArgs,
                     opts: Optional[ResourceOptions] = None)
    
    @overload
    def GeneratedKey(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     crypto_endpoint: Optional[str] = None,
                     include_plaintext_key: Optional[bool] = None,
                     key_id: Optional[str] = None,
                     key_shape: Optional[_kms.GeneratedKeyKeyShapeArgs] = None,
                     associated_data: Optional[Mapping[str, Any]] = None,
                     logging_context: Optional[Mapping[str, Any]] = None)
    func NewGeneratedKey(ctx *Context, name string, args GeneratedKeyArgs, opts ...ResourceOption) (*GeneratedKey, error)
    public GeneratedKey(string name, GeneratedKeyArgs args, CustomResourceOptions? opts = null)
    public GeneratedKey(String name, GeneratedKeyArgs args)
    public GeneratedKey(String name, GeneratedKeyArgs args, CustomResourceOptions options)
    
    type: oci:Kms:GeneratedKey
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args GeneratedKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args GeneratedKeyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args GeneratedKeyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args GeneratedKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args GeneratedKeyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var generatedKeyResource = new Oci.Kms.GeneratedKey("generatedKeyResource", new()
    {
        CryptoEndpoint = "string",
        IncludePlaintextKey = false,
        KeyId = "string",
        KeyShape = new Oci.Kms.Inputs.GeneratedKeyKeyShapeArgs
        {
            Algorithm = "string",
            Length = 0,
            CurveId = "string",
        },
        AssociatedData = 
        {
            { "string", "any" },
        },
        LoggingContext = 
        {
            { "string", "any" },
        },
    });
    
    example, err := Kms.NewGeneratedKey(ctx, "generatedKeyResource", &Kms.GeneratedKeyArgs{
    	CryptoEndpoint:      pulumi.String("string"),
    	IncludePlaintextKey: pulumi.Bool(false),
    	KeyId:               pulumi.String("string"),
    	KeyShape: &kms.GeneratedKeyKeyShapeArgs{
    		Algorithm: pulumi.String("string"),
    		Length:    pulumi.Int(0),
    		CurveId:   pulumi.String("string"),
    	},
    	AssociatedData: pulumi.Map{
    		"string": pulumi.Any("any"),
    	},
    	LoggingContext: pulumi.Map{
    		"string": pulumi.Any("any"),
    	},
    })
    
    var generatedKeyResource = new GeneratedKey("generatedKeyResource", GeneratedKeyArgs.builder()        
        .cryptoEndpoint("string")
        .includePlaintextKey(false)
        .keyId("string")
        .keyShape(GeneratedKeyKeyShapeArgs.builder()
            .algorithm("string")
            .length(0)
            .curveId("string")
            .build())
        .associatedData(Map.of("string", "any"))
        .loggingContext(Map.of("string", "any"))
        .build());
    
    generated_key_resource = oci.kms.GeneratedKey("generatedKeyResource",
        crypto_endpoint="string",
        include_plaintext_key=False,
        key_id="string",
        key_shape=oci.kms.GeneratedKeyKeyShapeArgs(
            algorithm="string",
            length=0,
            curve_id="string",
        ),
        associated_data={
            "string": "any",
        },
        logging_context={
            "string": "any",
        })
    
    const generatedKeyResource = new oci.kms.GeneratedKey("generatedKeyResource", {
        cryptoEndpoint: "string",
        includePlaintextKey: false,
        keyId: "string",
        keyShape: {
            algorithm: "string",
            length: 0,
            curveId: "string",
        },
        associatedData: {
            string: "any",
        },
        loggingContext: {
            string: "any",
        },
    });
    
    type: oci:Kms:GeneratedKey
    properties:
        associatedData:
            string: any
        cryptoEndpoint: string
        includePlaintextKey: false
        keyId: string
        keyShape:
            algorithm: string
            curveId: string
            length: 0
        loggingContext:
            string: any
    

    GeneratedKey Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The GeneratedKey resource accepts the following input properties:

    CryptoEndpoint string
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    IncludePlaintextKey bool
    If true, the generated key is also returned unencrypted.
    KeyId string
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    KeyShape GeneratedKeyKeyShape
    The cryptographic properties of a key.
    AssociatedData Dictionary<string, object>
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    LoggingContext Dictionary<string, object>

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    CryptoEndpoint string
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    IncludePlaintextKey bool
    If true, the generated key is also returned unencrypted.
    KeyId string
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    KeyShape GeneratedKeyKeyShapeArgs
    The cryptographic properties of a key.
    AssociatedData map[string]interface{}
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    LoggingContext map[string]interface{}

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    cryptoEndpoint String
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    includePlaintextKey Boolean
    If true, the generated key is also returned unencrypted.
    keyId String
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    keyShape GeneratedKeyKeyShape
    The cryptographic properties of a key.
    associatedData Map<String,Object>
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    loggingContext Map<String,Object>

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    cryptoEndpoint string
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    includePlaintextKey boolean
    If true, the generated key is also returned unencrypted.
    keyId string
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    keyShape GeneratedKeyKeyShape
    The cryptographic properties of a key.
    associatedData {[key: string]: any}
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    loggingContext {[key: string]: any}

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    crypto_endpoint str
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    include_plaintext_key bool
    If true, the generated key is also returned unencrypted.
    key_id str
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    key_shape kms.GeneratedKeyKeyShapeArgs
    The cryptographic properties of a key.
    associated_data Mapping[str, Any]
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    logging_context Mapping[str, Any]

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    cryptoEndpoint String
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    includePlaintextKey Boolean
    If true, the generated key is also returned unencrypted.
    keyId String
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    keyShape Property Map
    The cryptographic properties of a key.
    associatedData Map<Any>
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    loggingContext Map<Any>

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    Outputs

    All input properties are implicitly available as output properties. Additionally, the GeneratedKey resource produces the following output properties:

    Ciphertext string
    The encrypted data encryption key generated from a master encryption key.
    Id string
    The provider-assigned unique ID for this managed resource.
    Plaintext string
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    PlaintextChecksum string
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    Ciphertext string
    The encrypted data encryption key generated from a master encryption key.
    Id string
    The provider-assigned unique ID for this managed resource.
    Plaintext string
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    PlaintextChecksum string
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    ciphertext String
    The encrypted data encryption key generated from a master encryption key.
    id String
    The provider-assigned unique ID for this managed resource.
    plaintext String
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    plaintextChecksum String
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    ciphertext string
    The encrypted data encryption key generated from a master encryption key.
    id string
    The provider-assigned unique ID for this managed resource.
    plaintext string
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    plaintextChecksum string
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    ciphertext str
    The encrypted data encryption key generated from a master encryption key.
    id str
    The provider-assigned unique ID for this managed resource.
    plaintext str
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    plaintext_checksum str
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    ciphertext String
    The encrypted data encryption key generated from a master encryption key.
    id String
    The provider-assigned unique ID for this managed resource.
    plaintext String
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    plaintextChecksum String
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".

    Look up Existing GeneratedKey Resource

    Get an existing GeneratedKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: GeneratedKeyState, opts?: CustomResourceOptions): GeneratedKey
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            associated_data: Optional[Mapping[str, Any]] = None,
            ciphertext: Optional[str] = None,
            crypto_endpoint: Optional[str] = None,
            include_plaintext_key: Optional[bool] = None,
            key_id: Optional[str] = None,
            key_shape: Optional[_kms.GeneratedKeyKeyShapeArgs] = None,
            logging_context: Optional[Mapping[str, Any]] = None,
            plaintext: Optional[str] = None,
            plaintext_checksum: Optional[str] = None) -> GeneratedKey
    func GetGeneratedKey(ctx *Context, name string, id IDInput, state *GeneratedKeyState, opts ...ResourceOption) (*GeneratedKey, error)
    public static GeneratedKey Get(string name, Input<string> id, GeneratedKeyState? state, CustomResourceOptions? opts = null)
    public static GeneratedKey get(String name, Output<String> id, GeneratedKeyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AssociatedData Dictionary<string, object>
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    Ciphertext string
    The encrypted data encryption key generated from a master encryption key.
    CryptoEndpoint string
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    IncludePlaintextKey bool
    If true, the generated key is also returned unencrypted.
    KeyId string
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    KeyShape GeneratedKeyKeyShape
    The cryptographic properties of a key.
    LoggingContext Dictionary<string, object>

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    Plaintext string
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    PlaintextChecksum string
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    AssociatedData map[string]interface{}
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    Ciphertext string
    The encrypted data encryption key generated from a master encryption key.
    CryptoEndpoint string
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    IncludePlaintextKey bool
    If true, the generated key is also returned unencrypted.
    KeyId string
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    KeyShape GeneratedKeyKeyShapeArgs
    The cryptographic properties of a key.
    LoggingContext map[string]interface{}

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    Plaintext string
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    PlaintextChecksum string
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    associatedData Map<String,Object>
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    ciphertext String
    The encrypted data encryption key generated from a master encryption key.
    cryptoEndpoint String
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    includePlaintextKey Boolean
    If true, the generated key is also returned unencrypted.
    keyId String
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    keyShape GeneratedKeyKeyShape
    The cryptographic properties of a key.
    loggingContext Map<String,Object>

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    plaintext String
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    plaintextChecksum String
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    associatedData {[key: string]: any}
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    ciphertext string
    The encrypted data encryption key generated from a master encryption key.
    cryptoEndpoint string
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    includePlaintextKey boolean
    If true, the generated key is also returned unencrypted.
    keyId string
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    keyShape GeneratedKeyKeyShape
    The cryptographic properties of a key.
    loggingContext {[key: string]: any}

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    plaintext string
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    plaintextChecksum string
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    associated_data Mapping[str, Any]
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    ciphertext str
    The encrypted data encryption key generated from a master encryption key.
    crypto_endpoint str
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    include_plaintext_key bool
    If true, the generated key is also returned unencrypted.
    key_id str
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    key_shape kms.GeneratedKeyKeyShapeArgs
    The cryptographic properties of a key.
    logging_context Mapping[str, Any]

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    plaintext str
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    plaintext_checksum str
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    associatedData Map<Any>
    Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
    ciphertext String
    The encrypted data encryption key generated from a master encryption key.
    cryptoEndpoint String
    The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
    includePlaintextKey Boolean
    If true, the generated key is also returned unencrypted.
    keyId String
    The OCID of the master encryption key to encrypt the generated data encryption key with.
    keyShape Property Map
    The cryptographic properties of a key.
    loggingContext Map<Any>

    Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    plaintext String
    The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".
    plaintextChecksum String
    The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the includePlaintextKey parameter and sets its value to "true".

    Supporting Types

    GeneratedKeyKeyShape, GeneratedKeyKeyShapeArgs

    Algorithm string
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    Length int
    The length of the key in bytes, expressed as an integer. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    CurveId string
    Supported curve IDs for ECDSA keys.
    Algorithm string
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    Length int
    The length of the key in bytes, expressed as an integer. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    CurveId string
    Supported curve IDs for ECDSA keys.
    algorithm String
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    length Integer
    The length of the key in bytes, expressed as an integer. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    curveId String
    Supported curve IDs for ECDSA keys.
    algorithm string
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    length number
    The length of the key in bytes, expressed as an integer. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    curveId string
    Supported curve IDs for ECDSA keys.
    algorithm str
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    length int
    The length of the key in bytes, expressed as an integer. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    curve_id str
    Supported curve IDs for ECDSA keys.
    algorithm String
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    length Number
    The length of the key in bytes, expressed as an integer. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    curveId String
    Supported curve IDs for ECDSA keys.

    Import

    Import is not supported for this resource.

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    oci pulumi/pulumi-oci
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the oci Terraform Provider.
    oci logo
    Oracle Cloud Infrastructure v1.32.0 published on Thursday, Apr 18, 2024 by Pulumi